As a telecommunications service provider in the United Arab Emirates, du has more than 6.5 million mobile customers and almost 50% market share. Over 555,000 fixed line subscribers, 180,000 home services subscribers, and over 70,000 businesses have chosen to use services from du. In a survey conducted by ARC Chart, du was named the Best Mobile Broadband Network in the Middle East and Africa region.
As a rapidly growing mobile and fixed line service provider, du was faced with protecting its growing network and IT infrastructure while controlling costs and efficiently managing IT operations. By deploying ArcSight Enterprise Security Manager, du has been able to automate security and compliance monitoring to cost-effectively support corporate growth while improving efficiency and transforming Big Data into actionable intelligence.
As a company’s size and reliance on technology increases, so does the volume of logs it needs to collect, store, and analyze. This has been the case for du, which generates terabytes of security, network, operating system, database, and application log data each quarter. Emirates Integrated Telecommunications Company (EITC) is a telecommunications operator in the United Arab Emirates (UAE) that is commercially branded as du. It offers mobile and fixed telephony, broadband connectivity, and IPTV services to individuals, homes, and businesses throughout the UAE. The company also provides carrier services for businesses and satellite uplink and downlink services for TV broadcasters. Since its inception, du has consistently maintained a challenging strategic roadmap of supporting sustainable security initiatives.
The company also established a Technology Security and Risk Management (TSRM) organization to ensure that du would be able to maintain its leading edge not only in providing superior security initiatives internally, but also in extending its best practices to support the delivery of managed security services.
TSRM set up a Security Operations Center (SOC) with a Security Incident Response Team (SIRT) in 2008. The core of du’s SOC is a Security Information and Event Management (SIEM) solution from Micro Focus. With over six years of maturity, du is now involved in setting up SOCs as well as offering managed SOC services for enterprises and government institutions throughout the UAE.
As du began building out its SOC, it evaluated best-of-breed products to secure its IT infrastructure.
The company selected TippingPoint Intrusion Prevention Systems to improve visibility into network traffic and benefit from real-time intrusion protection. TippingPoint platforms were deployed in-line in 2008 to protect du from cyber threats targeting applications, networks, and critical data. “We immediately gained detailed visibility into security threats that help us continuously remain aware of online risks and protect against fraud, viruses, and malware,” said Marwan Bindalmook, Senior Vice President of Technology Security and Risk Management for du.
The next step was to replace a SIEM solution that lacked the performance and scalability necessary to support du’s business objectives.
“We needed to secure fast-growing infrastructure, and that meant our SOC needed the ability to collect, correlate, and report on security information from a diverse range of devices and applications, including security devices, database management systems, and telecommunications equipment,” Bindalmook explained. “Our data volumes were exploding, and we needed a higher-performance SIEM solution that could scale with our business growth and provide timely and relevant intelligence to help us quickly detect and respond to any security breaches.”
After a careful evaluation, du selected ArcSight Enterprise Security Manager (ESM), which provides a Big Data analytics approach to security, transforming Big Data into actionable intelligence that can reduce the costs of a breach and help minimize risk to a business. Using device and application connectors, ArcSight ESM provides a central point for the analysis of daily operations.
Armed with all this data, the real-time correlation capabilities of ArcSight ESM can detect unusual or unauthorized activities as they occur.
The visualization and reporting capabilities of ArcSight ESM support dashboards and on-demand or scheduled reports for the SOC team. ArcSight ESM is designed to efficiently store and analyze large volumes of log data.
This universal log management solution efficiently collects and stores machine data from any log-generating source and unifies the data for searching, indexing, reporting, analysis, and retention.
In addition to the out-of-the-box use cases profiling threat conditions that are available with ArcSight ESM, du continuously develops and refines use cases to identify threats. ArcSight ESM is used to identify the relevance of any given event by placing it within the context of who, what, where, when, and why that event occurred, and it assesses the impact of a threat on business risks. It also provides the real-time monitoring, historic analysis, and automated response necessary to manage higher-level business risk events.
The organization has now developed over 550 custom use cases based on its business and risk profiling methods.
A comprehensive security management program typically develops and matures over time, and du has been using ArcSight ESM for the last six years. The architecture, packaging, and out-of-the-box features of ArcSight ESM meant that the solution was uniquely capable of scaling from both capacity and feature perspectives, and that it could meet du’s logging, monitoring, and analysis needs with a single solution.
The du infrastructure continues to grow, and ArcSight ESM scales to support the growing needs of the company. The SOC is currently leveraging ArcSight ESM to collect more than 30,000 Events Per Second (EPS) and submits about 5,000 EPS for correlation.
ArcSight’s logging format, Common Event Format (CEF), has become the de facto logging format for almost all device vendors. Out of the box, ArcSight ESM supports hundreds of products, and its ecosystem is still growing. Using ArcSight’s FlexConnector SDK, members of the SOC team develop custom connectors. “We’ve already developed 62 custom connectors using the FlexConnector SDK,” said Tamer El Bahey, Senior Director of Security Monitoring and Operations for du. “It takes a single developer only about two weeks to build a new connector, and we consider the FlexConnector SDK a major advantage because of the diversity of devices it allows us to capture event information from in real time.”
ArcSight ESM is helping du improve operational efficiency through the automation of manual tasks and optimizing staff efficiency. Successful threat mitigation depends on being able to quickly identify the critical incidents so that they can be handled before they can cause a major negative impact. Reduction in the critical incident rate was crucial for SIRT to effectively respond to incidents. ArcSight ESM helps du filter out the incidents that were resulting in high IT and business risks and act on them more effectively.
Before the deployment of ArcSight ESM, du had to analyze 7,000 alerts per month. As a result, a sizeable security team was required to process the alerts. To help bring the critical event volume under control, du used ArcSight’s correlation and rule-building framework to optimize its security alerts. With the appropriate correlation rules and alerts, ArcSight ESM was able to remove false positives and redundant alerts.
TSRM was able to create over 550 custom correlation rules that analyze about 30,000 EPS received in real time from about 1,500 log sources. According to El Bahey, “Three years ago we had 72 correlation rules and now we have over 550. ArcSight makes it easy to create custom rules, we’ve written them all internally and they allow us to dramatically improve our workforce productivity.”
TSRM has also created more than 30 customized filters to parse events from non-traditional IT solutions and telecommunications equipment to gain increased visibility. ArcSight ESM has helped du to gain the threat visibility it needs by increasing the percentage of its incident-to-true positive value by more than 400%.
By fine-tuning the priorities of critical events, security analysts can see the most important items first and the SOC can provide better service levels. The SOC has been able to reduce the security alerts that need analysis from over 7,000 per month to fewer than 1,000 per month, a decrease of over 85%.
“We now have a full-fledged SOC, of which ArcSight is the core element,” said El Bahey. “ArcSight helps bridge the gap between business risk and IT risk while improving situational awareness and providing better incident response.”
The company continues to improve operations. Now, 82% of compromise attempts are detected in less than 24 hours. The du infrastructure continues to scale; ArcSight ESM analyzed 1,300 log sources last year and now analyzes 1,500 log sources.
While selecting a replacement SIEM solution, a primary TSRM concern was demonstrating how IT-related security risk related to business risks. Though du had purchased multiple best-of-breed security technologies, TSRM found that its original approach of managing logs in their native formats was not delivering the desired results. “By replacing our original SIEM platform with ArcSight, we’ve been able to integrate logs from diverse technologies under a single umbrella and use ArcSight’s powerful correlation engine to develop threat management and risk management use cases to deliver greater value to the business,” Bindalmook explained.
The SIEM solution plays a major role in providing SOC and SIRT services internally. “ArcSight helps us to closely align business and IT risks, and today any security initiative, regardless of security technology or security service, must be aligned with the objectives of the SOC,” Bindalmook stated. “This helps us maintain the overall objectives of TSRM as well as our Service Level Agreements (SLAs) with business users.”
As a result of setting up a world-class SOC with ArcSight ESM at its core, du is starting to offer managed SOC services by setting up SOCs for enterprises and government customers throughout the region. By leveraging best practices and custom rules and use cases that have been developed and evolved internally, du is extending an internal security initiative into a premium service offering. In this manner, TSRM is evolving from a cost center into a profit center through its advanced implementation of this SIEM solution.
By implementing the ArcSight SIEM solution, we’ve been able to not only improve operational efficiency but also reduce our security and situational awareness expenditures by about 85% over the last three years.